General Notes

OpenLeaks.org is a current work in progress by former WikiLeaks.org people, including Domscheit-Berg, with the intention of providing a whistleblowing infrastructure for local whistleblowers, the mainstream media and non-governmental organisations, without the controversy associated with Julian Assange and WikiLeaks.org.

They should have much to contribute in terms of computer infrastructure security, anonymity and scalability experience, but their system, like that of WikiLeaks.org / WikiLeaks.ch itself, is not currently accepting any whistleblower submissions.

Domscheit-Berg argues that leaking sites’ security measures don’t need to be as tight as WikiLeaks’ were during Domscheit-Berg’s time with the group – they need to be tighter. Adversaries of leaking like corporations, law enforcement and intelligence, he says, have ramped up their security measures in the wake of WikiLeaks’ record-breaking breaches. “WikiLeaks appeared out of nowhere,” says Domscheit-Berg. “It caused a lot of new problems no one had thought about before. Now they’ve thought about this whole thing for a bit. The dust has settled. And it will never be as easy again.”

That means facilitating leakers needs to become more systematic and rigorous, Domscheit-Berg says.

Update 21 August 2011

The publicity about this test preview of the OpenLeaks.org submission system, the temporary https://leaks.taz.de website, has led to controversy in Germany. It was used as the excuse to expel Daniel Domscheit-Berg from the Chaos Computer Club.

The real reason for his expulsion seems to be related to a single copy of an encrypted disk, for which Julian Assange was the only person to have the cryptographic keys, but which was in the physical possession of Daniel Domscheit-Berg when he and the other main technical team members left WikiLeaks.org last year.

The main effect on OpenLeaks.org of this expulsion may be to make it impossible for them to make use of the Wau Holland charitable foundation as a conduit for financial contributions, a service which they provide to the WikiLeaks.org project. see

Update 08 September 2011

Daniel Domscheit-Berg is reported as having now destroyed the encrypted data from WikiLeaks.org, citing the need to protect whistleblower sources, something which WikiLeaks.org still cannot be trusted with.

The propaganda and threats aimed personally at Daniel Domscheit-Berg by WikiLeaks.org fanatics, to somehow blame him for their own security failings and incompetence (WikiLeaks.org leaked their own "crown jewels" leak of unredacted US Diplomatic Cables online through BitTorrent and by stupidly re-using a cryptographic password) may make it difficult or impossible for the OpenLeaks.org project to proceed as planned.

Whistleblower websites need to learn from these personnel and procedural failures - technology is only part of the anonymity / security / trust / publicity / publishing system that such websites aim to achieve.

Press inquiries

General inquiries

Postal Address:

None

Social Networking publicity

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

While we would like to use the twitter account we registered (openleaks), we can not because something is wrong with the account. We tried to recover it through the official process of working together with twitter but were turned down.

FaceBook

None

Blog

None

Financial Donation methods

Methods of accepting payments from the public and supporters also come under political and legal pressure, as WikiLeaks.org have learned to their cost:

OpenLeaks.org is currently soliciting money through several payment methods:

N.B. these published cryptographic hash fingerprints now do actually match the currently installed Digital Certificate - there have been 2 or 3 Digital Certificate changes between January and May 2011.

This self signed Digital Certificate has been allowed to expire on 18th October 2011, which rather casts doubt on whether the project is still active or not in February 2012.

It is a good idea to publish these on the website, but only if the web page and the installed certificate are actually kept up to date.
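
A check of the kind this note calls for, as an added example (not code from OpenLeaks.org or from this wiki): it compares the fingerprints listed on a web page with the certificate a server presents and returns the ones that have gone stale. The function names are hypothetical and the two "certificates" are constructed stand-in byte strings, not real DER.

```python
import hashlib
import hmac
import ssl

# Hex length -> algorithm, because pages often list fingerprints unlabelled.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

def normalize(fp):
    """Drop separators and case so 'AB:CD:..' and 'abcd..' compare equal."""
    cleaned = "".join(c for c in fp if c not in ": -\t").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("not a SHA-1/SHA-256 fingerprint: %r" % fp)
    return cleaned

def stale_fingerprints(der_cert, published):
    """Return the published fingerprints that do NOT match der_cert."""
    stale = []
    for fp in published:
        want = normalize(fp)
        got = hashlib.new(ALGO_BY_HEX_LEN[len(want)], der_cert).hexdigest()
        if not hmac.compare_digest(got, want):
            stale.append(fp)
    return stale

def colon_hex(hexdigest):
    """Format a digest the way browsers display it: 'AB:CD:EF:...'."""
    h = hexdigest.upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def fetch_der(host, port=443):
    """Fetch the presented certificate without validating it (works for
    self-signed or expired certificates); needs network access."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# Constructed stand-ins for two successive certificates (not real DER).
OLD_CERT = b"constructed stand-in: certificate installed in January"
NEW_CERT = b"constructed stand-in: certificate installed in May"
# What the web page would list if it was last updated for OLD_CERT.
PUBLISHED = [colon_hex(hashlib.sha1(OLD_CERT).hexdigest()),
             hashlib.sha256(OLD_CERT).hexdigest()]

if __name__ == "__main__":
    print("page vs old cert, stale:", stale_fingerprints(OLD_CERT, PUBLISHED))
    print("page vs new cert, stale:", stale_fingerprints(NEW_CERT, PUBLISHED))
```

A matching fingerprint says nothing about expiry; the certificate's validity dates have to be checked separately.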

Qualys SSL Labs SSL Server Test rating:

No weak cipher suites or deprecated SSL 2.0 protocol, but because this is a self signed Digital Certificate, some potential users will refuse to trust this website, or their web browser configurations will prevent them from trusting this website.

When OpenLeaks.org launched their website back in January 2011, they did use a commercial Digital Certificate from GlobalSign nv-sa, which they abandoned for some undisclosed reason.

N.B. The DNS entries for OpenLeaks.org have a second A record which points to another IP address:

83.223.73.53 w-4.so36.net

perhaps for resilience or development, but which does not currently have any public Digital Certificate installed.